The Audit Coordinator’s Lifecycle
Audit coordinators should develop their own audit preparation lifecycle that addresses potential requests and requirements based on previous audits.
An auditor may have asked to review a department’s software asset management (SAM) reports during a previous audit, in order to verify that all licenses are up to date and no users are running unlicensed or unapproved software. Part of the audit plan, then, should include a monthly review of those same reports.
Verify that the SAM reports are complete and all software is fully licensed. If auditors previously asked for access-control lists for every server, run those same reports on a regular basis, and keep that information in the plan.
Every company and IT organization is different, but there are some good starting points for developing any departmental audit plan: